[FEATURE]: allow not only passwords but also passkeys #615

Open
4 tasks done
JohnnyImminger opened this issue Nov 25, 2023 · 3 comments
Labels
feature A new functionality for the app

Comments

@JohnnyImminger

⚠️ This issue respects the following points: ⚠️

  • This is a feature request for one feature, not a question, discussion or multiple features.
  • This is not a feature request for the browser extension or another client.
  • This feature is not already requested on GitHub (I've searched it).
  • This feature does not already exist (I checked the wiki).

Current Status

Only passwords can be created/saved/synced

Feature Description

Passkeys are getting more and more popular and there is now broad support by operating systems and to some extent other password managers. Eventually they might replace passwords entirely.
In my opinion their key feature for future success is the synchronization of passkeys between different devices, as the major drawback is the hassle to set up passkey sign in for each and every combination of webservice and device.

To some extent the 3 major players in the game (Apple, Microsoft and Google) support the synchronization, but as often, you are locked into their respective ecosystems. Adding to that, you have to trust those companies enough to hand them all your keys.

My suggestion now is to support the same workflow for passkeys as it is supported for passwords, including:

  • allow storing passkeys on the server
  • allow creation of passkeys via browser-plugins/apps (affecting all of them) if user decides to set up passwordless login (for example in nextcloud via web-authn)
  • allow sign in with passkeys via extensions/apps (for example in nextcloud using ‚log in with device‘)

A real life scenario of mine would look like this:

  • using Firefox browser + passwords extension on my Windows Laptop signing into my Nextcloud account via password
  • setting up web-authn in settings->security
    • extension intervenes, asking to use it to create and store the passkey
      • allowing it does the said action
      • disallowing resumes to the usual workflow of the operating system
    • on success, continue in nextcloud to give the device a name
  • using iPad with Passwords app and safari
    • log in to nextcloud using ‚log in with device‘
    • Passwords app acts as a passkey provider and is used to sign in to nextcloud

This workflow is currently not supported by the default operating system implementations as their boundaries are crossed and one has to rely on 3rd party providers.

Additional Context

The described scenario may not be relevant for everyone, but will be in the future as support for passkeys is growing and login via password will get less frequent.

This exact workflow described can be tested now using 1password (maybe the beta version).
1Password can be tested for 14 days for free.

There are the issues #545 and #353 but they are either unclear or focus on hardware keys.

@JohnnyImminger JohnnyImminger added the feature A new functionality for the app label Nov 25, 2023
@marius-wieschollek
Owner

As a Note:
I have checked what 1Password does to make their browser extension work with WebAuthn (because there is no API to add an extension as WebAuthn provider). They just use a content script to overwrite/replace the WebAuthn API in webpages.

So no magic here, just plain old putting your stuff where the website expects the real stuff.
It's fiddly, but it would also allow things like adding WebAuthn Password support in Firefox.
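
The API replacement described in the comment above, combined with the allow/disallow fallback from the request's scenario, as an added example that is not part of the thread and is not code from 1Password or this project. `installPasskeyShim`, `askUser`, `vault` and the `makeDemo` stand-ins are hypothetical names; the point it shows is that a shim which answers WebAuthn calls itself also has to repeat the RP ID check the browser would otherwise perform.

```javascript
// Added example; installPasskeyShim, askUser and vault are hypothetical names.
// `nav` stands in for the page's `navigator`, `host` for location.hostname.
// WebAuthn requires the RP ID to equal the page's host or be a parent domain
// of it. Simplified: a real check must also reject public suffixes ("com").
function rpIdAllowed(rpId, host) {
  return host === rpId || host.endsWith("." + rpId);
}

function installPasskeyShim(nav, host, { askUser, vault }) {
  const creds = nav.credentials;
  const native = { create: creds.create, get: creds.get };
  creds.create = async (options) => {
    const pk = options && options.publicKey;
    // Not a WebAuthn request: leave it to the browser.
    if (!pk) return native.create.call(creds, options);
    const rpId = (pk.rp && pk.rp.id) || host;
    // The shim bypasses the browser's own RP ID check, so it must repeat it.
    if (!rpIdAllowed(rpId, host)) throw new Error("SecurityError: RP ID mismatch");
    // User declined: resume the browser/OS workflow unchanged.
    if (!(await askUser("create", rpId))) return native.create.call(creds, options);
    return vault.create(rpId, pk);
  };
  creds.get = async (options) => {
    const pk = options && options.publicKey;
    if (!pk) return native.get.call(creds, options);
    const rpId = pk.rpId || host;
    if (!rpIdAllowed(rpId, host)) throw new Error("SecurityError: RP ID mismatch");
    // Nothing stored for this RP, or user declined: fall back to the browser.
    if (!vault.has(rpId) || !(await askUser("get", rpId))) {
      return native.get.call(creds, options);
    }
    return vault.sign(rpId, pk);
  };
  return () => { creds.create = native.create; creds.get = native.get; };
}

// Constructed stand-ins so the example runs in Node without a browser.
function makeDemo(allow) {
  const store = new Set();
  const nav = { credentials: {
    create: async () => "native-create", get: async () => "native-get" } };
  const vault = {
    has: (rp) => store.has(rp),
    create: (rp) => { store.add(rp); return "vault-create:" + rp; },
    sign: (rp) => "vault-sign:" + rp,
  };
  const restore = installPasskeyShim(nav, "cloud.example.com",
    { askUser: async () => allow, vault });
  return { nav, restore };
}
```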

@balintbarna

balintbarna commented May 7, 2024

Bitwarden does this very well and it’s open source as far as I know. Their iPhone app doesn’t support it yet it seems but the browser extensions work great, nice UI and UX. Works really smoothly with my Nextcloud instance for login but also GitHub and many others. Also syncs everything between devices with E2E using a master password derived key. I believe on the server side it’s just a simple json data structure for a passkey. The clients probably need to plug in to the browser/os API as a passkey provider.

@Fuseteam

Seems Proton Pass now also has support for this
